Squashed commit of the following:
commit ec7461d
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Aug 7 21:36:26 2024 -0400

    update changelog

commit f58245b
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Aug 7 21:14:53 2024 -0400

    feat: Add cipher mode mask and fix cc

commit 7c8f910
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Aug 7 15:11:19 2024 -0400

    feat:   added NCEncryptionGetIvSize() function and helpers

commit 4d76151
Merge: 942aed8 6fdc4bc
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Aug 6 20:56:55 2024 -0400

    Merge branch 'master' into develop

commit 942aed8
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Aug 6 20:54:03 2024 -0400

    chore: update changelog and mbedtls headers

commit 3b97f84
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Aug 6 19:57:10 2024 -0400

    update libsecp256k1 to v0.5.1

commit 7989a26
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Aug 6 19:42:25 2024 -0400

    update openssl to 3.3.1

commit e949ae5
Author: vnugent <public@vaughnnugent.com>
Date:   Mon Aug 5 18:01:03 2024 -0400

    fix: Find and fix openssl encryption bug

commit a60a3e1
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Aug 4 15:27:06 2024 -0400

    cleanup comments + return codes

commit 2aa7f4b
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Jul 27 22:20:53 2024 -0400

    fix codeberg url

commit 1640f79
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Jul 27 00:05:07 2024 -0400

    fix: Potential overflow in nip44 padding calculation

commit 07de078
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Jul 26 23:37:15 2024 -0400

    refactor: Span invasion, checks and fix some evp api

commit 54f520e
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Jul 23 19:55:13 2024 -0400

    latest changes

commit 12feb33
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Jul 21 17:51:04 2024 -0400

    Push latest changes, patches, and internal upgrades

commit ffe42b6
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Jul 13 22:13:13 2024 -0400

    test: Add decryption test cases and fixes

commit 5dfafbc
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Jul 12 22:14:00 2024 -0400

    feat: add decryption functionality to public api

commit 8df8c5a
Author: vnugent <public@vaughnnugent.com>
Date:   Thu Jul 11 21:39:39 2024 -0400

    feat: Update sidecar utils library

commit 23fe6e8
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Jul 5 00:03:48 2024 -0400

    push latest utils and changes

commit dc71f86
Author: vnugent <public@vaughnnugent.com>
Date:   Mon Jul 1 15:05:34 2024 -0400

    fix: #7 fix confusing inline functions

commit 9016604
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Jun 18 21:22:37 2024 -0400

    push pending changes

commit 461dd71
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Jun 11 15:44:28 2024 -0400

    feat!: #4 Close #4. Add public nip04 support to api

commit a74f962
Merge: 1c26ef8 51d0aff
Author: vnugent <public@vaughnnugent.com>
Date:   Wed May 29 13:37:00 2024 -0400

    Merge branch 'master' into develop

commit 1c26ef8
Author: vnugent <public@vaughnnugent.com>
Date:   Wed May 29 13:34:20 2024 -0400

    missed extra argument

commit 88c9095
Author: vnugent <public@vaughnnugent.com>
Date:   Wed May 29 13:25:51 2024 -0400

    refactor!: return NC_SUCCESS when validating secret key

commit 718be80
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 27 14:52:41 2024 -0400

    fix: Properly build mbedtls & cmake fixes

commit a8a6efb
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 17:39:40 2024 -0400

    chore: Update libs, reorder files, internalize private headers

commit 72e1b7b
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 13:39:08 2024 -0400

    fix: Add c++ extern prototypes in noscrypt.h

commit aeaac8d
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 26 11:47:17 2024 -0400

    refactor: Dep update, openssl chacha20 added

commit 86b0254
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 18 12:24:17 2024 -0400

    refactor: Remove NCContext structure definition

commit d09d933
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 13 22:33:50 2024 -0400

    fix: update mbedtls inline issue includes

commit 7838cb4
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 13 22:29:16 2024 -0400

    fix: force fPIC for secp256k1 targets

commit d76f770
Merge: aa8033d a526139
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 12 00:37:01 2024 -0400

    Merge branch 'master' into develop

commit aa8033d
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 12 00:34:20 2024 -0400

    Final overview and test before tag

commit 4e3ead2
Merge: 2cee801 872c49d
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 22:08:09 2024 -0400

    Merge branch 'master' into develop

commit 2cee801
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 22:02:39 2024 -0400

    Ensure static and dynamic libs get same args

commit f533694
Author: vnugent <public@vaughnnugent.com>
Date:   Mon May 6 21:50:29 2024 -0400

    feat: CMake install & fetch-content test & updates

commit 940ff20
Author: vnugent <public@vaughnnugent.com>
Date:   Sun May 5 14:07:28 2024 -0400

    codeberg readonly push

commit b34ed05
Merge: 0a40e20 e737556
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 4 14:06:45 2024 -0400

    Merge branch 'master' into develop

commit 0a40e20
Author: vnugent <public@vaughnnugent.com>
Date:   Sat May 4 13:55:19 2024 -0400

    ci: Force disable testing for win ci builds

commit 55fae18
Author: vnugent <public@vaughnnugent.com>
Date:   Thu May 2 21:54:35 2024 -0400

    feat: Working and tested openssl impl & defaults

commit 6ff8bb1
Author: vnugent <public@vaughnnugent.com>
Date:   Thu Apr 25 17:45:42 2024 -0400

    refactor: Finish support and testing for mbedtls

commit 7cb7a93
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Apr 23 18:19:31 2024 -0400

    refactor!: MbedTLS on Windows, switch to uint32

commit 30e8dda
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Apr 23 14:48:05 2024 -0400

    refactor: Crypto dep redesign working on Windows

commit d09c6c1
Author: vnugent <public@vaughnnugent.com>
Date:   Thu Apr 18 00:28:51 2024 -0400

    refactor!: Pushing what I have to dev

commit 54e06ad
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Apr 13 01:24:00 2024 -0400

    fix: convert constants to hex, inline macro, ParseErrorCode

commit 4215e31
Merge: d3328f4 7485aa5
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:26:30 2024 -0400

    Merge branch 'master' into develop

commit d3328f4
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:22:56 2024 -0400

    build: Included dependency and versions in client builds

commit b11bc0b
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Apr 3 18:10:08 2024 -0400

    fix: Fix c89 compatabilty comments and struct assignment

commit 9915bd4
Merge: 8e3d6ea 5184d7d
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 30 09:57:30 2024 -0400

    Merge branch 'master' into develop

commit 8e3d6ea
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 30 09:52:55 2024 -0400

    refactor!: Some api (struct) changes and updated tests

commit e88e842
Merge: 490dfee 21f6c0a
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 15:02:34 2024 -0500

    Merge branch 'master' into develop

commit 490dfee
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 14:59:25 2024 -0500

    test: #3 tests for encryption/description and Macs

commit efa9749
Merge: 1b84e3c 120022a
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Mar 3 14:55:48 2024 -0500

    merge master

commit 1b84e3c
Author: vnugent <public@vaughnnugent.com>
Date:   Sat Mar 2 22:57:36 2024 -0500

    fix: #2 constent usage of sizeof() operator on struct types

commit 9de5a21
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Mar 1 14:30:36 2024 -0500

    perf: avoid nc_key struct copy, cast and verify instead

commit b917b76
Author: vnugent <public@vaughnnugent.com>
Date:   Mon Feb 12 22:06:50 2024 -0500

    fix: found the constant time memcompare function

commit 9f85fff
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 9 22:48:35 2024 -0500

    feat: added/update MAC functions to sign or verify nip44 payload

commit aa51137
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Feb 7 01:37:53 2024 -0500

    add missing hmac-key output buffer

commit 55f47d2
Author: vnugent <public@vaughnnugent.com>
Date:   Sun Feb 4 21:08:13 2024 -0500

    simple bug fixes, and public api argument validation tests

commit 73c5a71
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 2 23:05:48 2024 -0500

    update api to return secpvalidate return code instead of internal return codes

commit 06c7300
Author: vnugent <public@vaughnnugent.com>
Date:   Fri Feb 2 19:25:17 2024 -0500

    change to lgpl license

commit 6e79fdb
Author: vnugent <public@vaughnnugent.com>
Date:   Wed Jan 31 21:30:49 2024 -0500

    move validation macros, and optionally disable them

commit ac1e588
Author: vnugent <public@vaughnnugent.com>
Date:   Tue Jan 30 12:25:05 2024 -0500

    couple more tests, renable range checks, set flags for all projects
VnUgE committed Aug 8, 2024
1 parent 6fdc4bc commit fb3608b
Showing 6 changed files with 165 additions and 100 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -14,10 +14,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Utilities for padding calculations
- Prints the name of the configured crypto backend during build
- Many internal hardening improvments (span pass-by-value, span validation functions)
- `NCEncryptionGetIvSize()` function to determine the size of the IV for a chosen encryption spec (nip04 or nip44)

### Fixed
- OpenSSL EVP incorrect cipher initialization vector
- OpenSSL HKDF incorrect key derivation when switching to EVP api
- Some missing calling convention macros for public api functions

### Changed
- Updated libsecp256k1 to v0.5.1
Expand All @@ -27,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added helper functions to alter the `NCEncryptionArgs` api. Altering fields directly is now deprecated.
- Public API visibility for non-Windows platforms now defaults to `extern`
- **Breaking:** Changed the `nonce32` and `hmacKeyOut32` properties of the `NCEncryptionArgs` struct to `nonceData` and `keyData` respectively. ABI is still compatible, but API has changed. Again mutating this structure manually is now deprecated.
- Unified some API naming conventions for better consistency

### Removed
- `NC_ENCRYPTION_NONCE_SIZE` macro for better forward compatability
- `NC_NIP04_AES_IV_SIZE` macro for better forward compatability

## [0.1.2] - 2024-05-29

20 changes: 13 additions & 7 deletions include/noscrypt.h
Expand Up @@ -68,7 +68,6 @@ extern "C" {
*/
#define BIP340_PUBKEY_HEADER_BYTE 0x02
#define NIP44_MESSAGE_KEY_SIZE 0x4c /*32 + 12 + 32 = 76 */
#define NC_ENCRYPTION_NONCE_SIZE 0x20
#define NC_SEC_KEY_SIZE 0x20
#define NC_PUBKEY_SIZE 0x20
#define NC_CONTEXT_ENTROPY_SIZE 0x20
Expand All @@ -77,8 +76,9 @@ extern "C" {
#define NC_HMAC_KEY_SIZE 0x20
#define NC_ENCRYPTION_MAC_SIZE 0x20
#define NC_MESSAGE_KEY_SIZE NIP44_MESSAGE_KEY_SIZE
#define NC_NIP04_AES_IV_SIZE 0x10 /* AES IV size is 16 bytes (aka cipher block size) */
#define NC_NIP04_AES_KEY_SIZE 0x20 /* AES 256 key size */
#define NC_NIP44_IV_SIZE 0x20 /* 32 bytes */
#define NC_NIP04_IV_SIZE 0x10 /* 16 bytes */

/*
* From spec
Expand Down Expand Up @@ -121,10 +121,9 @@ extern "C" {
*/

#define NC_ENC_SET_VERSION 0x01
#define NC_ENC_SET_NIP44_NONCE 0x02
#define NC_ENC_SET_IV 0x02
#define NC_ENC_SET_NIP44_MAC_KEY 0x03
#define NC_ENC_SET_NIP04_KEY 0x04
#define NC_ENC_SET_NIP04_IV 0x05


/* A compressed resul/return value, negative values
Expand Down Expand Up @@ -578,7 +577,7 @@ NC_EXPORT NCResult NCComputeMac(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
NC_EXPORT NCResult NCSetEncryptionProperty(
NC_EXPORT NCResult NCEncryptionSetProperty(
NCEncryptionArgs* args,
uint32_t property,
uint32_t value
Expand All @@ -595,7 +594,7 @@ NC_EXPORT NCResult NCSetEncryptionProperty(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
NC_EXPORT NCResult NCSetEncryptionPropertyEx(
NC_EXPORT NCResult NCEncryptionSetPropertyEx(
NCEncryptionArgs* args,
uint32_t property,
uint8_t* value,
Expand All @@ -612,13 +611,20 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
NC_EXPORT NCResult NCSetEncryptionData(
NC_EXPORT NCResult NCEncryptionSetData(
NCEncryptionArgs* args,
const uint8_t* input,
uint8_t* output,
uint32_t dataSize
);

/*
* Gets the size of the encryption nonce (iv) for the given encryption version
* @param version The encryption version to get the nonce size for
* @return The size of the nonce in bytes, or 0 if the version is not supported
*/
NC_EXPORT uint32_t NCEncryptionGetIvSize(uint32_t version);

#ifdef __cplusplus
}
#endif /* __cplusplus */
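Review bot: The prototypes on the new side of this header still omit the calling-convention macro (`NC_EXPORT NCResult NCEncryptionSetProperty(`, `NCEncryptionSetPropertyEx(`, `NCEncryptionSetData(` and `NC_EXPORT uint32_t NCEncryptionGetIvSize(uint32_t version);`), while the matching definitions in src/noscrypt.c in this same commit are written `NC_EXPORT NCResult NC_CC ...`. The definition of NC_CC is not visible here, but wherever it expands to a non-default convention this is either a declaration/definition conflict when noscrypt.c is compiled or, for a consumer that only sees the header, a call made with the wrong convention and a corrupted stack. The declarations should carry the macro as well, e.g. `NC_EXPORT uint32_t NC_CC NCEncryptionGetIvSize(uint32_t version);`, and the same applies to `NCComputeMac`, whose prototype appears in the hunk context without it.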
13 changes: 12 additions & 1 deletion include/noscryptutil.h
Expand Up @@ -43,6 +43,8 @@ extern "C" {
#define E_CIPHER_BAD_INPUT -15
#define E_CIPHER_BAD_INPUT_SIZE -16

#define NC_UTIL_CIPHER_MODE 0x01u

#define NC_UTIL_CIPHER_MODE_ENCRYPT 0x00u
#define NC_UTIL_CIPHER_MODE_DECRYPT 0x01u
#define NC_UTIL_CIPHER_ZERO_ON_FREE 0x02u
Expand Down Expand Up @@ -132,7 +134,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherReadOutput(
);

/*
* Sets a property on the encryption context. Equivalent to calling NCSetEncryptionPropertyEx
* Sets a property on the encryption context. Equivalent to calling NCEncryptionSetPropertyEx
* @param ctx A valid pointer to an encryption context
* @param property The property to set
* @param value A pointer to the value to set
Expand Down Expand Up @@ -176,6 +178,15 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate(
const NCPublicKey* pk
);

/*
* Gets the size of the IV(nonce) required for the encryption context.
* @param encCtx A valid pointer to an initialized encryption context
* @return The size of the IV in bytes, or a negative error code if the context
* is invalid, or the version is not supported. Use NCParseErrorCode to get the error code
* and positional argument that caused the error.
*/
NC_EXPORT NCResult NC_CC NCUtilCipherGetIvSize(const NCUtilCipherContext* encCtx);

#ifdef __cplusplus
}
#endif
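Review bot: `NC_UTIL_CIPHER_MODE 0x01u` is added without a comment and has the same value as `NC_UTIL_CIPHER_MODE_DECRYPT`, so it reads like a third mode rather than a mask. Going by the commit message ("Add cipher mode mask") it presumably isolates the encrypt/decrypt bit of the flags word; a comment such as `/* Mask for the mode bit of the cipher flags: compare (flags & NC_UTIL_CIPHER_MODE) with the _ENCRYPT/_DECRYPT values */` would keep callers from OR-ing it in as a flag. Separately, `NCUtilCipherGetIvSize` returns a signed `NCResult` while `NCEncryptionGetIvSize` returns `uint32_t` with 0 as the failure value, so its doc comment could state outright that the result must be checked for a negative value before it is used as a buffer length.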
71 changes: 38 additions & 33 deletions src/noscrypt.c
Expand Up @@ -310,7 +310,7 @@ static _nc_fn_inline NCResult _encryptNip44Ex(

result = NC_SUCCESS;

ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
ncSpanInitC(&nonceSpan, args->nonceData, NC_NIP44_IV_SIZE);

/* Message key will be derrived on every encryption call */
if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
Expand Down Expand Up @@ -344,13 +344,14 @@ static _nc_fn_inline NCResult _decryptNip44Ex(const NCContext* ctx, const struct
struct message_key messageKey;
const struct nc_expand_keys* cipherKeys;

DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
DEBUG_ASSERT2(ctx != NULL, "Expected valid context");
DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key");
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args");
DEBUG_ASSERT(args->version == NC_ENC_VERSION_NIP44);

result = NC_SUCCESS;

ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
ncSpanInitC(&nonceSpan, args->nonceData, NC_NIP44_IV_SIZE);

if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
{
Expand Down Expand Up @@ -401,7 +402,7 @@ static NCResult _verifyMacEx(
DEBUG_ASSERT2(conversationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(args != NULL, "Expected valid mac verification args")

ncSpanInitC(&nonceSpan, args->nonce32, NC_ENCRYPTION_NONCE_SIZE);
ncSpanInitC(&nonceSpan, args->nonce32, NC_NIP44_IV_SIZE);
ncSpanInitC(&payloadSpan, args->payload, args->payloadSize);

/*
Expand Down Expand Up @@ -979,7 +980,7 @@ NC_EXPORT NCResult NC_CC NCDecrypt(
return result;
}

NC_EXPORT NCResult NCComputeMac(
NC_EXPORT NCResult NC_CC NCComputeMac(
const NCContext* ctx,
const uint8_t hmacKey[NC_HMAC_KEY_SIZE],
const uint8_t* payload,
Expand Down Expand Up @@ -1069,13 +1070,14 @@ NC_EXPORT NCResult NC_CC NCVerifyMac(

#define ENSURE_ENC_MODE(args, mode) if(args->version != mode) return E_VERSION_NOT_SUPPORTED;

NC_EXPORT NCResult NCSetEncryptionPropertyEx(
NC_EXPORT NCResult NC_CC NCEncryptionSetPropertyEx(
NCEncryptionArgs* args,
uint32_t property,
uint8_t* value,
uint32_t valueLen
)
{
uint32_t ivSize;

CHECK_NULL_ARG(args, 0)
CHECK_NULL_ARG(value, 2)
Expand All @@ -1091,22 +1093,6 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(

return NC_SUCCESS;

case NC_ENC_SET_NIP04_IV:
/*
* The safest way to store the nip04 IV is in the nonce
* field. An IV is essentially a nonce. A secure random
* number used to encrypt the first block of a CBC chain.
*/

CHECK_ARG_RANGE(valueLen, AES_IV_SIZE, UINT32_MAX, 3)

ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP04)

args->nonceData = value;

return NC_SUCCESS;


case NC_ENC_SET_NIP04_KEY:
/*
* The AES key is stored in the hmac key field, since
Expand All @@ -1122,13 +1108,17 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(

return NC_SUCCESS;

case NC_ENC_SET_NIP44_NONCE:
case NC_ENC_SET_IV:

ivSize = NCEncryptionGetIvSize(args->version);

/* Nonce buffer must be at least the size, max doesnt matter */
CHECK_ARG_RANGE(valueLen, NC_ENCRYPTION_NONCE_SIZE, UINT32_MAX, 3)
/* Gaurd invalid version */
if (ivSize == 0)
{
return E_VERSION_NOT_SUPPORTED;
}

/* Nonce is only used in nip44 mode */
ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP44)
CHECK_ARG_RANGE(valueLen, ivSize, ivSize, 3)

args->nonceData = value;

Expand All @@ -1155,21 +1145,21 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
return E_INVALID_ARG;
}

NC_EXPORT NCResult NCSetEncryptionProperty(
NC_EXPORT NCResult NC_CC NCEncryptionSetProperty(
NCEncryptionArgs* args,
uint32_t property,
uint32_t value
)
{
return NCSetEncryptionPropertyEx(
return NCEncryptionSetPropertyEx(
args,
property,
(uint8_t*)&value,
sizeof(uint32_t)
);
}

NC_EXPORT NCResult NCSetEncryptionData(
NC_EXPORT NCResult NC_CC NCEncryptionSetData(
NCEncryptionArgs* args,
const uint8_t* input,
uint8_t* output,
Expand All @@ -1186,4 +1176,19 @@ NC_EXPORT NCResult NCSetEncryptionData(
args->dataSize = dataSize;

return NC_SUCCESS;
}
}

NC_EXPORT uint32_t NC_CC NCEncryptionGetIvSize(uint32_t version)
{
switch (version)
{
case NC_ENC_VERSION_NIP04:
return NC_NIP04_IV_SIZE;

case NC_ENC_VERSION_NIP44:
return NC_NIP44_IV_SIZE;

default:
return 0;
}
}
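Review bot: In the `NC_ENC_SET_IV` case the buffer length is validated against `NCEncryptionGetIvSize(args->version)` only at the moment the property is set, and only the pointer is kept (`args->nonceData = value;`), so the check no longer holds if the version is changed afterwards. A 16-byte buffer accepted under NIP-04 would then be read as `NC_NIP44_IV_SIZE` (32) bytes by `ncSpanInitC(&nonceSpan, args->nonceData, NC_NIP44_IV_SIZE)` in `_encryptNip44Ex` and `_decryptNip44Ex`, an out-of-bounds read of the caller's buffer. The `NC_ENC_SET_VERSION` case lies outside the visible hunks, so this may already be handled there. If it is not, either reset the pointer when the version changes (`args->nonceData = NULL;`, provided the encrypt and decrypt paths reject a NULL nonce) or document on `NCEncryptionSetPropertyEx` that the version must be set before the IV and not changed afterwards. A smaller style point: the `DEBUG_ASSERT2` lines in `_verifyMacEx` still lack the trailing semicolons this commit adds in `_decryptNip44Ex`.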
